How To Install SELinux on Ubuntu 22.04 LTS
In this tutorial, we will show you how to install SELinux on Ubuntu 22.04 LTS. For those of you who didn’t know, SELinux is not installed by default in Ubuntu. Security Enhanced Linux is primarily used by the Red Hat-based Linux distributions, which include Red Hat Enterprise Linux, CentOS, and Fedora. Security-Enhanced Linux (SELinux) is a security architecture for Linux systems that allows administrators to have more control over who can access the system.
This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo
‘ to the commands to get root privileges. I will show you the step-by-step installation of the SELinux on Ubuntu 22.04 (Jammy Jellyfish). You can follow the same instructions for Ubuntu 22.04 and any other Debian-based distribution like Linux Mint, Elementary OS, Pop!_OS, and more as well.
Prerequisites
- A server running one of the following operating systems: Ubuntu 22.04, 20.04, and any other Debian-based distribution like Linux Mint.
- It’s recommended that you use a fresh OS install to prevent any potential issues.
- SSH access to the server (or just open Terminal if you’re on a desktop).
- A
non-root sudo user
or access to theroot user
. We recommend acting as anon-root sudo user
, however, as you can harm your system if you’re not careful when acting as the root.
Install SELinux on Ubuntu 22.04 LTS Jammy Jellyfish
Step 1. First, make sure that all your system packages are up-to-date by running the following apt
commands in the terminal.
sudo apt update sudo apt upgrade sudo apt install wget apt-transport-https gnupg2 software-properties-common
Step 2. Check AppArmor.
Your Ubuntu 22.04 installation probably runs AppArmor by default. To verify its status run the following command:
sudo systemctl status apparmor
If it is running, you will see output like this:
apparmor.service - Load AppArmor profiles Loaded: loaded (/lib/systemd/system/apparmor.service; enabled; vendor pres> Active: active (exited) since Sat 2022-11-10 08:18:10 EDT; 1h 46min ago Docs: man:apparmor(7) https://gitlab.com/apparmor/apparmor/wikis/home/ Process: 679 ExecStart=/lib/apparmor/apparmor.systemd reload (code=exited, > Main PID: 679 (code=exited, status=0/SUCCESS) Oct 08 08:16:12 imaginelinux systemd[1]: Starting Load AppArmor profiles... Oct 08 08:16:12 imaginelinux apparmor.systemd[679]: Restarting AppArmor Oct 08 08:16:12 imaginelinux apparmor.systemd[679]: Reloading AppArmor profiles Oct 08 08:16:12 imaginelinux apparmor.systemd[707]: Skipping profile in /etc/apparmo> Oct 08 08:16:12 imaginelinux systemd[1]: Finished Load AppArmor profiles.
In the more common case, where AppArmor is running, stop it:
sudo systemctl stop apparmor sudo systemctl disable apparmor
Step 3. Installing SELinux on Ubuntu 22.04.
By default, SELinux is available on Ubuntu 22.04 base repository. Now install the latest version of SELinux to your Ubuntu system using the following command:
sudo apt install policycoreutils selinux-basics selinux-utils
Once it’s finished, you can then activate it:
sudo selinux-activate
Output:
SELinux is activated. You may need to reboot now.
Do not reboot immediately! First, review the current state of your new SELinux host:
getenforce
This shows the one-word response:
Disabled
This means that your SELinux is ready to work. It’s “active” but not yet turned on.
Step 4. Enabling SELinux Modes on Ubuntu 22.04.
There are three different modes that you can use with SELinux. The first is disabled, which does the same as its name. It disables using the SELinux service. When SELinux is activated, you can set it to permissive
or Enforcing
modes. In the permissive mode, only the monitoring of the interaction is done. However, if you want to filter and monitor the interaction, use the enforcing mode.
By default SELinux on Ubuntu run in permissive mode. To enable SELinux, Open the /etc/selinux/config
file and set SELINUX=enforcing
.
Step 5. Disable SELinux on Ubuntu 22.04.
Disabling SELinux is easier as it’s enabled and installed. Basically, there are two ways of disabling it. Either temporarily or permanently. Disabling SELinux temporary makes it disable for a while until the next boot, and as soon as the computer is turned on again the state is restarted.
The best way to disable it is to change its status to permissive:
nano /etc/selinux/config
Follow the configuration:
FROM: SELINUX=enforcing TO: SELINUX=permissive
Save and close the file, then reboot your system for the changes to take effect:
reboot
After a successful reboot, you can run the following command to check the SELinux status:
sestatus
Congratulations! You have successfully installed SELinux. Thanks for using this tutorial for installing the SELinux on Ubuntu 22.04 LTS Jammy Jellyfish system. For additional help or useful information, we recommend you check the official Ubuntu website.